infra_hands_on - Speaker Deck

Slide 1

Slide 1 text

ʙେن໛Πϯϑϥͷϊ΢ϋ΢ͱय़ͷ࠼ΓΛఴ͑ͯʙ QZBNB(.01FQBCP *OD ΠϯϑϥϋϯζΦϯ *OGSBTUSVDUVSFBT$PEFΛֶͿ ࣮ફతϋϯζΦϯ

Slide 2

Slide 2 text

ϗεςΟϯάࣄۀ෦νʔϑςΫχΧϧϦʔυ ࢁԼ࿨඙!QZBNB

Slide 3

Slide 3 text

ϖύϘ෱Ԭ

Slide 4

Slide 4 text

*OGSBTUSVDUVSFBT$PEF

Slide 5

Slide 5 text

*OGSBTUSVDUVSFBT$PEF wιϑτ΢ΣΞ։ൃͷϊ΢ϋ΢ΛΠϯϑϥ΁ wόʔδϣϯ؅ཧ wςετۦಈ։ൃ wܧଓతΠϯςάϨʔγϣϯ wܧଓతσϦόϦʔ

Slide 6

Slide 6 text

*OGSBTUSVDUVSFBT$PEF wιϑτ΢ΣΞ։ൃͷϊ΢ϋ΢ΛΠϯϑϥ΁ wόʔδϣϯ؅ཧ wςετۦಈ։ൃ wܧଓతΠϯςάϨʔγϣϯ wܧଓతσϦόϦʔ

Slide 7

Slide 7 text

࣮ફతϋϯζΦϯ

Slide 8

Slide 8 text

ϋϯζΦϯͷΰʔϧ -# -# 1SPYZ 1SPYZ "QQ "QQ ৑௕Խ͞Εͨ8FCγεςϜΛ *OGSBTUSVDUVSFBT$PEFΛମײ͠ͳ͕Β ։ൃ͢Δ

Slide 9

Slide 9 text

ϋϯζΦϯͰ࢖༻͢Δπʔϧɾϛυϧ΢ΣΞ ϓϩμΫτ໊ ໾ׂ WBHSBOU 7.Ϛωʔδϝϯτ JUBNBF ϓϩϏδϣχϯά 4FSFSTQFD ςετ LFFQBMJWFE ϩʔυόϥϯγϯά OHJOY 8ϓϩΩγ IUUQE ΞϓϦέʔγϣϯ

Slide 10

Slide 10 text

WBHSBOU w3VCZͷه๏Ͱ7JSUVBM#PYͳͲͷ7.Λ؅ཧͰ͖Διϑτ΢ΣΞ w)BTIJ$PSQ IUUQTXXXIBTIJDPSQDPN IUUQTXXXWBHSBOUVQDPN

Slide 11

Slide 11 text

JUBNBF w1SFGFSSFE/FUXPSLTͷ!SZPU@B@SBJ͕࡞੡ͨ͠044 w-JHIUDIFG wγϯϓϧͰ࢖͍΍͘͢ɺNSVCZ൛͸NJUBNBF IUUQTHJUIVCDPNJUBNBFLJUDIFOJUBNBF

Slide 12

Slide 12 text

4FSWFSTQFD w!NJ[[Z͕࡞੡ͨ͠044 w34QFDͷه๏Ͱαʔό؀ڥΛςετͰ͖Δ IUUQTFSWFSTQFDPSH

Slide 13

Slide 13 text

ϋϯζΦϯ؀ڥ wIUUQTHJUIVCDPNQFQBCPJOGSBTUVSVDUVSF@BT@DPEF@IBOET@PO ├── Gemfile // ར༻gemͷఆٛ ├── Gemfile.lock // gemͷόʔδϣϯݻఆϑΝΠϧ ├── README.md ├── Vagrantfile // VMͷఆٛ ├── bootstrap.rb // Itamaeͷ࣮ߦεΫϦϓτ ├── cookbooks // ϓϩϏδϣχϯάεΫϦϓτΛ഑ஔ͢ΔσΟϨΫτϦ └── www ├── default.rb ├── files └── templates

Slide 14

Slide 14 text

ϋϯζΦϯ؀ڥ wIUUQTHJUIVCDPNQFQBCPJOGSBTUVSVDUVSF@BT@DPEF@IBOET@PO ├── nodes // ϩʔϧຖͷΞτϦϏϡʔτϑΝΠϧΛ഑ஔ͢ΔσΟϨΫτϦ │ └── www.yaml ├── roles // ϩʔϧຖͷϓϩϏδϣχϯάεΫϦϓτΛ഑ஔ͢ΔσΟϨΫτϦ │ └── www │ └── default.rb ├── spec // ServerpecͷεΫϦϓτΛ഑ஔ͢ΔσΟϨΫτϦ │ ├── spec_helper.rb │ └── www │ └── httpd_spec.rb └── vagrant_properties.yml // vagrantͷߏ੒ϑΝΠϧ

Slide 15

Slide 15 text

ਐΊํ w888ϩʔϧ࡞Δ w1309:ϩʔϧ࡞Δ w-#ϩʔϧ࡞Δ

Slide 16

Slide 16 text

؆୯ʂʂʂ̍

Slide 17

Slide 17 text

888ϩʔϧͷཁ݅ wQIQJOGP͕දࣔͰ͖Δ w1)1͕ར༻Ͱ͖Δ

Slide 18

Slide 18 text

5%% wςετͰ·ͣ͋Δ΂͖ঢ়ଶΛఆ͔ٛͯ͠Βɺ։ൃΛߦ͏ $ vagrant up www-1 $ bin/rake spec:www-1

Slide 19

Slide 19 text

BQBDIFͷΠϯετʔϧ wDPPLCPPLTXXXBQBDIFSCͷ࡞੒ wDPPLCPPLTXXXEFGBVMUSC͔ΒBQBDIFSCΛಡΈࠐΉ wSPMFTXXXEFGBVMUSC͔ΒXXXͷDPPLCPPLΛಡΈࠐΉ XXXSPMF BQBDIFDPPLCPPL qVFOUEDPPLCPPL BQBDIFSFDJQF QIQSFDJQF UEBHFOUSFDJQF QMVHJOSFDJQF

Slide 20

Slide 20 text

QBDLBHF IUUQTHJUIVCDPNJUBNBFLJUDIFOJUBNBFXJLJQBDLBHFSFTPVSDF package do action :install version 1.0 end ύοέʔδͷΠϯετʔϧΛߦ͏Ϧιʔε

Slide 21

Slide 21 text

DPPLCPPLTXXXBQBDIFSC wϨγϐ͸ϛυϧ΢ΣΞ୯ҐͰ෼ׂ͠ɺ࠶ར༻ੑΛߴΊΔ %w( apache2 php7.0 libapache2-mod-php7.0 ).each do |n| package n end σϑΥϧτΞΫγϣϯ͕JOTUBMMͳͷͰলུՄೳ

Slide 22

Slide 22 text

DPPLCPPLTXXXEFGBVMUSCͷఆٛ # ઌ΄Ͳఆٛͨ͠ϨγϐΛಡΈࠐΉ include_recipe 'apache.rb' EFGBVMUSC͸ෳ਺ͷϨγϐΛଋͶΔ໾ׂʹ࢖͏

Slide 23

Slide 23 text

SPMFTXXXEFGBVMUSCͷఆٛ # ઌ΄Ͳఆٛͨ͠ΫοΫϒοΫΛಡΈࠐΉ include_cookbook 'www' ͜ͷΑ͏ʹ͢ΔͱɺҰͭͷϩʔϧΛෳ਺ͷ ΫοΫϒοΫΛ૊Έ߹ΘͤͯߏஙͰ͖Δ

Slide 24

Slide 24 text

-FU`T1SPWJTJPO $ vagrant provision www-1 IUUQXXXIBOETPOQCEFW VCVOUVͷσϑΥϧτϖʔδ͕ ݟ͑Ε͹0,

Slide 25

Slide 25 text

QIQJOGPΛදࣔ͢Δ wTQFDXXXQIQJOGP@TQFDSC describe file('/var/www/html/index.php') do it { should be_file } it { should be_mode 755 } it { should be_owned_by 'root' } it { should be_grouped_into 'root' } end IUUQTFSWFSTQFDPSHSFTPVSDF@UZQFTIUNMpMF

Slide 26

Slide 26 text

QIQJOGPΛදࣔ͢Δ wDPPLCPPLTXXXQIQJOGPSC remote_file '/var/www/html/index.php' do owner 'root' group 'root' mode '755' end IUUQTHJUIVCDPNJUBNBFLJUDIFOJUBNBFXJLJSFNPUF@pMFSFTPVSDF

Slide 27

Slide 27 text

QIQJOGPΛදࣔ͢Δ wDPPLCPPLTXXXpMFTJOEFYQIQ

Slide 28

Slide 28 text

DPPLCPPLTXXXEFGBVMUSCͷఆٛ # ઌ΄Ͳఆٛͨ͠ϨγϐΛಡΈࠐΉ include_recipe ‘apache.rb' include_recipe ‘phpinfo.rb’ EFGBVMUSC͸ෳ਺ͷϨγϐΛଋͶΔ໾ׂʹ࢖͏

Slide 29

Slide 29 text

-FU`T1SPWJTJPO $ vagrant provision www-1 IUUQXXXIBOETPOQCEFW QIQJOGPݟ͑ͳ͍ɾɾɾ

Slide 30

Slide 30 text

TTIϩάΠϯ $ vagrant ssh www-1 ubuntu@www-1:~$ ls -ltr /var/www/html total 16 -rw-r--r-- 1 root root 11321 Apr 3 07:13 index.html -rwxr-xr-x 1 ubuntu root 26 Apr 3 07:29 index.php JOEFYIUNMΛ࡟আ͢Δඞཁ͕͋Δ

Slide 31

Slide 31 text

JOEFYIUNMͷ࡟আ describe file('/var/www/html/index.html') do it { should_not exist } end wTQFDXXXQIQJOGP@TQFDSC

Slide 32

Slide 32 text

JOEFYIUNMͷ࡟আ wDPPLCPPLTXXXQIQJOGPSC file '/var/www/html/index.html' do action :delete end IUUQTHJUIVCDPNJUBNBFLJUDIFOJUBNBFXJLJpMFSFTPVSDF

Slide 33

Slide 33 text

-FU`T1SPWJTJPO $ vagrant provision www-1 $ bin/rake spec:www-1 IUUQXXXIBOETPOQCEFW ::

Slide 34

Slide 34 text

ه๏νΣοΫͱDPNNJU $ bin/rake rubocop -a $ git add . $ git commit -m “wwwͷߏங”

Slide 35

Slide 35 text

1309:ϩʔϧͷཁ݅ wOHJOYΛར༻ͨ͠)551ϓϩΩγ͕Ͱ͖Δ 1SPYZ 1SPYZ "QQ "QQ

Slide 36

Slide 36 text

OHJOYΛΠϯετʔϧ͢Δ wTQFDQSPYZOHJOY@TQFDSC require 'spec_helper' %w( nginx ).each do |n| describe package(n) do it { should be_installed } end end describe service('nginx') do it { should be_enabled } it { should be_running } end describe port(80) do it { should be_listening } end

Slide 37

Slide 37 text

DPPLCPPLɺSPMFͷ਽ܗΛ࡞Δ $ bin/itamae generate cookbook proxy $ bin/itamae generate role proxy $ echo ‘role: proxy’ > nodes/proxy.yaml $ vagrant up proxy-1 $ bin/rake spec:proxy-1

Slide 38

Slide 38 text

OHJOYͷΠϯετʔϧ package 'nginx' service ‘nginx’ do action %w(enable start) end wDPPLCPPLTQSPYZOHJOYSC

Slide 39

Slide 39 text

OHJOYͷΠϯετʔϧ include_recipe 'nginx.rb' wDPPLCPPLTQSPYZEFGBVMUSC include_cookbook 'proxy' wSPMFTQSPYZEFGBVMUSC

Slide 40

Slide 40 text

OHJOYͷઃఆΛ͢Δ % vagrant ssh proxy-1 ubuntu@proxy-1:~$ sudo su - root@proxy-1:~# cd /etc/nginx/ root@proxy-1:/etc/nginx# ls -ltr root@proxy-1:/etc/nginx# more nginx.conf … include /etc/nginx/conf.d/*.conf; # nginxͷconfigʹ͸includeػߏ͕͋Δ … wQSPYZαʔόͷதΛ೷͘

Slide 41

Slide 41 text

VQTUSFBNͷఆٛΛߦ͏ 1SPYZ 1SPYZ "QQ "QQ QSPYZαʔό͔ΒݟͯɺϓϩΩγઌͷ αʔόΛVQTUSFBNͱఆٛ

Slide 42

Slide 42 text

VQTUSFBNͷఆٛΛߦ͏ describe file('/etc/nginx/conf.d/www.conf') do its(:content) { should match /server 172.18.1.31/ } its(:content) { should match /server 172.18.1.32/ } end describe file('/etc/nginx/sites-enabled') do it { should_not exist } end describe file('/etc/nginx/sites-available') do it { should_not exist } end wTQFDQSPYZOHJOY@TQFDSC

Slide 43

Slide 43 text

UFNQMBUFΛར༻͢Δ template '/etc/nginx/conf.d/www.conf' do owner 'root' group 'root' notifies :restart, 'service[nginx]' end IUUQTHJUIVCDPNJUBNBFLJUDIFOJUBNBFXJLJUFNQMBUFSFTPVSDF

Slide 44

Slide 44 text

UFNQMBUFΛར༻͢Δ upstream app { <% node['proxy']['app']['servers'].each do |s| %> server <%= s %>; <% end %> } server { listen 80; server_name localhost; location / { proxy_pass http://app/; } } DPPLCPPLTQSPYZUFNQMBUFTXXXDPOGFSC

Slide 45

Slide 45 text

؀ڥ͝ͱͷϑΝΠϧ͸OPEFTͰ؅ཧ proxy: app: servers: - 172.18.1.31 - 172.18.1.32 OPEFTQSPYZZBNM ෳ਺؀ڥͷ৔߹͸ɺQSPYZQSPEVDUJPOZBNM΍ QSPYZEFWFMPQNFOUZBNMͳͲΛ࡞੒͢Δ

Slide 46

Slide 46 text

՝୊ FUDOHJOYTJUFTFOBCMFE FUDOHJOYTJUFTBWBJMBCMF ্هͷσΟϨΫτϦΛ ࡟আ͍ͯͩ͘͠͞

Slide 47

Slide 47 text

ਖ਼౴ྫ %w( enabled available ).each do |n| directory "/etc/nginx/sites-#{n}" do action :delete notifies :restart, 'service[nginx]' end end

Slide 48

Slide 48 text

ه๏νΣοΫͱDPNNJU $ bin/rake rubocop -a $ git add . $ git status $ git commit -m “proxyͷߏங”

Slide 49

Slide 49 text

՝୊ FUDOHJOYDPOGEXXXDPOG ͜ͷϨγϐΛUFNQMBUFͷ WBSJBCMFTΛར༻ͯ͠ΑΓ ࠶ར༻ੑΛߴΊΔ

Slide 50

Slide 50 text

-#ϩʔϧͷཁ݅ w7*1Λ؅ཧͰ͖Δ w7*1Ͱड͚ͨτϥϑΟοΫΛ1SPYZαʔόʹ όϥϯγϯάͰ͖Δ -# -# 1SPYZ 1SPYZ

Slide 51

Slide 51 text

7*1ͱ͸

Slide 52

Slide 52 text

LFFQBMJWFEΛΠϯετʔϧ͢Δ wTQFDMCLFFQBMJWFE@TQFDSC require 'spec_helper' %w( keepalived ).each do |n| describe package(n) do it { should be_installed } end end describe service('keepalived') do it { should be_enabled } it { should be_running } end describe port(80) do it { should be_listening } end

Slide 53

Slide 53 text

ϦΞϧαʔό΋ςετ describe file(‘/etc/keepalived/keepalived.conf’) do its(:content) { should match /real_server 172.18.1.21 80/ } its(:content) { should match /real_server 172.18.1.22 80/ } end wTQFDMCLFFQBMJWFE@TQFDSC

Slide 54

Slide 54 text

DPPLCPPLɺSPMFͷ਽ܗΛ࡞Δ $ bin/itamae generate cookbook lb $ bin/itamae generate role lb $ echo ‘role: lb’ > nodes/lb.yaml $ vagrant up lb-1 $ bin/rake spec:lb-1

Slide 55

Slide 55 text

LFFQBMJWFEͷΠϯετʔϧ package 'keepalived' service ‘keepalived’ do %w(enable start) end template '/etc/keepalived/keepalived.conf' do owner 'root' group 'root' notifies :restart, 'service[keepalived]' end wDPPLCPPLTMCLFFQBMJWFESC

Slide 56

Slide 56 text

LFFQBMJWFEͷΠϯετʔϧ include_recipe ‘keepalived.rb' wDPPLCPPLTMCEFGBVMUSC include_cookbook ‘lb’ wSPMFTMCEFGBVMUSC

Slide 57

Slide 57 text

7*1ͷఆٛ vrrp_instance vrrp_int { interface <%= node['lb']['keepalived']['if'] %> virtual_router_id <%= node['lb']['keepalived']['router_id'] %> nopreempt state BACKUP priority 100 advert_int 3 garp_master_delay 5 authentication { auth_type PASS auth_pass hands_on } virtual_ipaddress { <%= node['lb']['keepalived']['vip'] %> } } wDPPLCPPLTMCUFNQMBUFTLFFQBMJWFEDPOGFSC

Slide 58

Slide 58 text

7*1ͷఆٛ virtual_server <%= node['lb']['keepalived']['vip'] %> 80 { delay_loop 10 lvs_sched lc lvs_method NAT protocol TCP <% node['lb']['keepalived']['servers'].each do |s| %> real_server <%= s %> 80 { weight 1 TCP_CHECK { connect_port 80 connect_timeout 30 } } <% end %> } wDPPLCPPLTMCUFNQMBUFTLFFQBMJWFEDPOGFSC

Slide 59

Slide 59 text

:".-ͰΞτϦϏϡʔτΛఆٛ͢Δ lb: keepalived: vip: 172.18.1.10 router_id: 100 if: enp0s8 servers: - 172.18.1.21 - 172.18.1.22 wOPEFTMCZBNM

Slide 60

Slide 60 text

-FU`T1SPWJTJPO $ vagrant provision lb-1 $ bin/rake spec:lb-1

Slide 61

Slide 61 text

αʔόͷதΛݟͯΈ·͠ΐ͏

Slide 62

Slide 62 text

JQWTͷঢ়ଶΛݟΔ # vipΛอ͍࣋ͯ͠Δ͔ $ ip a # real serverͷঢ়ଶΛݟΔ $ ipvsadm -L -n

Slide 63

Slide 63 text

ه๏νΣοΫͱDPNNJU $ bin/rake rubocop -a $ git commit -m “lbͷߏங”

Slide 64

Slide 64 text

৑௕Խ

Slide 65

Slide 65 text

଴ػܥΛىಈ͢Δ -# -# 1SPYZ 1SPYZ "QQ "QQ $ vagrant up

Slide 66

Slide 66 text

JQWTͷঢ়ଶΛݟΔ # real serverͷঢ়ଶΛݟΔ $ ipvsadm -L -n

Slide 67

Slide 67 text

͓΋ΉΖʹαʔόΛམͱ͢ $ vagrant halt www-1 $ vagrant halt proxy-1 $ vagrant halt lb-1 αʔϏε͕ແఀࢭͰ͋Δ͜ͱ

Slide 68

Slide 68 text

·ͱΊ

Slide 69

Slide 69 text

ࠓ೔ֶΜͩ͜ͱ w*OGSBTUSVDUVSFBT$PEF͸ιϑτ΢ΣΞ։ൃͷϊ΢ϋ΢ΛΠϯϑϥͷ ੈք΁͖࣋ͬͯͨ΋ͷ wΠϯϑϥʹ͓͍ͯ΋ςετۦಈ։ൃ w࠶ར༻͠΍ཻ͍͢౓ͰϨγϐΛ؅ཧ wΠϯϑϥ͸ָ͍͠ʂʂʂ̍